RootSSV:60463Microsoft Excel 'SerAuxErrBar'堆溢出远程代码执行漏洞(MS12-076)
0.953 High
EPSS
Percentile
99.4%
BUGTRAQ ID: 56425
CVE ID: CVE-2012-1885
Excel是微软公司的办公软件的试算表软件组件。
Microsoft Excel 2003 SP3、2007 SP2/SP3、2010 SP1、Office 2008/2011 for Mac、Office Compatibility Pack SP2\SP3存在堆缓冲区溢出漏洞,通过特制的电子表格,可允许远程攻击者执行任意代码。
0
Microsoft Excel 2010
Microsoft Excel 2003
Microsoft Office Microsoft Office 2003 Professi
Microsoft Office 2010 (64-bit edition) SP1
Microsoft Office 2010 (64-bit edition) 0
Microsoft Office 2010 (32-bit edition) 0
Microsoft Office 2003
Microsoft Office (32-bit edition) SP1
Microsoft Office 2003 SP3
Microsoft Office Microsoft Office for Mac 2011
Microsoft Office Microsoft Office Excel Viewer
Microsoft Office Microsoft Office Excel 2007
Microsoft Office Microsoft Office Compatibilit
Microsoft Office Microsoft Office 2010
Microsoft Office Microsoft Office 2008 for Mac
Microsoft Office Microsoft Office 2008 for Mac
Microsoft Office Microsoft Office 2007
Microsoft Office Microsoft Office 2003 Student
Microsoft Office Microsoft Office 2003 Standar
Microsoft Office Microsoft Office 2003 Small B
Microsoft Office Office for Mac 2011
Microsoft Office Office Excel Viewer 2007
Microsoft Office Office Excel 2007
Microsoft Office Office Compatibility Pack fo
Microsoft Office Office 2010
Microsoft Office Office 2008 for Mac
Microsoft Office Office 2007
Microsoft Office Office 2003 Student and Teac
Microsoft Office Office 2003 Standard Edition
Microsoft Office Office 2003 Small Business E
Microsoft Office Office 2003 Professional Edi
临时解决方法:
-
使用Microsoft Office File Block策略阻止打开未知或可疑源和位置的Office 2003
和更早版本的文件。 -
在打开未知或可疑源和位置的文件时,使用MOICE
-
不要打开未知或可疑源和位置的Excel文件。
厂商补丁:
Microsoft
Microsoft已经为此发布了一个安全公告(MS12-076)以及相应补丁:
MS12-076:Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2720184)
链接:http://www.microsoft.com/technet/security/bulletin/MS12-076.asp
Related
